System, method, and computer-readable medium that facilitate voice biometrics user authentication

ABSTRACT

A system, method, and computer readable medium that facilitate user authentication via voice biometrics in a network system featuring interactive voice response system access is provided. The voice biometric authentication mechanisms alleviate identity theft occurring via specific interactive voice response transactions. A voice biometrics authentication system interfaces with an interactive network platform and may be hosted by a third party provider of voice biometric technologies.

FIELD OF THE INVENTION

The present invention is generally related to interactive networkservices and, more particularly, to voice biometric authenticationmechanisms.

BACKGROUND OF THE INVENTION

Call centers are used by many industries to provide information by voicecommunication to a large number of customers or other interestedparties. Telemarketing companies, for example, use call centers toprocess both inbound and outbound calls, mostly concerning offers ofgoods and services, but also to provide other information for companyclients. Banks and financial institutions also use call centers, as domanufacturing companies, travel companies (e.g., airlines, auto rentalcompanies, etc.), and virtually any other business having the need tocontact a large number of customers, or to provide a contact point forthose customers.

A typical call center will have a front end with one or more voiceresponse units (VRU), call switching equipment, an automatic calldistributor (ACD), and several work stations having a telephone andcomputer terminal at which a live operator processes the call. A callermay interact with an interactive voice response (IVR or VRU) system toeffectuate a commercial transaction. For example, the caller may beprompted to identify themselves, such as through entry of a customernumber as it may appear on a mail order catalog or another customeridentifier.

Disadvantageously, customer identification information may be obtainedby a malicious entity that may then fraudulently access a user account.Identity theft is motivating institutions to employ new andsophisticated methods of authenticating their customers. This spans themarketplace from government, financial, healthcare, insurance, mobileservice industries, and various other industries. However, contemporarysystems provide no automated tools to help diagnose fraudulentinteractive voice response usage.

Therefore, what is needed is a mechanism that overcomes the describedproblems and limitations.

SUMMARY OF THE INVENTION

The present invention provides a system, method, and computer readablemedium that facilitate user authentication via voice biometrics in anetwork system featuring interactive voice response system access. Thevoice biometric authentication mechanisms alleviate identity theftoccurring via specific interactive voice response transactions. A voicebiometrics authentication system interfaces with an interactive networkplatform and may be hosted by a third party provider of voice biometrictechnologies.

In one embodiment of the disclosure, a method for authenticating a userin a network system via voice biometrics is provided. The methodincludes storing a voiceprint of a first user, receiving an attempt foraccess to an application service by a user, identifying the voiceprintas associated with an identity of the first user and the attempt foraccess to the application service, obtaining a voice sample from theuser, performing an evaluation of vocal characteristics of thevoiceprint with vocal characteristics of the voice sample, anddetermining that the user is one of the first user or a fraudulent userbased on results of the evaluation of vocal characteristics of thevoiceprint with vocal characteristics of the voice sample.

In another embodiment of the disclosure, a computer-readable mediumhaving computer-executable instructions for execution by a processingsystem, the computer-executable instructions for authenticating a userin a network system via voice biometrics, is provided. Thecomputer-readable medium comprises instructions that, when executed bythe processing system, cause the processing system to store a voiceprintof a first user, assign an interactive voice response application as anattribute of the voiceprint, receive an attempt for access to anapplication service by a user, identify the voiceprint as associatedwith an identity of the first user and the attempt for access to theapplication service, obtain a voice sample from the user, perform anevaluation of vocal characteristics of the voiceprint with vocalcharacteristics of the voice sample, and determine that the user is oneof the first user or a fraudulent user based on results of theevaluation of vocal characteristics of the voiceprint with vocalcharacteristics of the voice sample.

In a further embodiment of the disclosure, a system for authenticating auser in a network system via voice biometrics is provided. The systemincludes an application server that hosts a plurality of serviceapplications, an interactive voice response system communicativelycoupled with the application server that provides voice response accessto one of more of the plurality of service applications, and a voicebiometrics authentication system communicatively coupled with theinteractive voice response system that stores a voiceprint of a firstuser. The interactive voice response system receives an attempt foraccess to a service application by a communication device of a user andcommunicatively couples the communication device with the voicebiometrics authentication system. The voice biometrics authenticationsystem identifies the voiceprint as associated with an identity of thefirst user and the attempt for access to the application service,obtains a voice sample from the user, performs an evaluation of vocalcharacteristics of the voiceprint with vocal characteristics of thevoice sample, and determines that the user is one of the first user or afraudulent user based on results of the evaluation of vocalcharacteristics of the voiceprint with vocal characteristics of thevoice sample.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the present disclosure are best understood from the followingdetailed description when read with the accompanying figures, in which:

FIG. 1 is a diagrammatic representation of a network system thatfeatures a voice biometrics authentication platform implemented inaccordance with an embodiment;

FIG. 2 is a block diagram of a data processing system that may beimplemented as a server in accordance with an embodiment of the presentinvention;

FIG. 3 is a diagrammatic representation of a data processing system thatmay be implemented as a client system in accordance with an embodiment;

FIG. 4 is a diagrammatic representation of an exemplary hardware andsoftware configuration of the voice biometrics authentication systemimplemented in accordance with an embodiment;

FIG. 5 is a flowchart that depicts processing of a biometric enrollmentroutine that facilitates voiceprint user authentication in accordancewith disclosed embodiments; and

FIG. 6 is a flowchart of a voice biometrics authentication routineimplemented in accordance with an embodiment.

DETAILED DESCRIPTION OF THE INVENTION

It is to be understood that the following disclosure provides manydifferent embodiments or examples for implementing different features ofvarious embodiments. Specific examples of components and arrangementsare described below to simplify the present disclosure. These are, ofcourse, merely examples and are not intended to be limiting.

In accordance with embodiments, clients of a network system featuringinteractive voice response (IVR) system access are provided with variousvoice biometric authentication mechanisms that alleviate identity theftoccurring via specific IVR transactions. The disclosed embodimentsprovide mechanisms that interface with an interactive network platformand a third party provider of voice biometric technologies. Thedisclosed mechanisms eliminate, or significantly reduce, fraudulentaccess by imposters to accounts via an IVR system. The describedmechanisms provide a voice identification mechanism that effectivelyprovides biological authentication of an individual.

The authentication mechanisms preferably, in part, rely on knowninformation, such as an account number, phone number, birthday, tokencertificates, etc., used in conjunction with the biometrics of theuser's voice. Using the characteristics of an individual's voice toverify the caller identity advantageously restricts imposters andimproves correct authentication of users.

FIG. 1 is a diagrammatic representation of a network system 100 thatfeatures a voice biometrics authentication platform implemented inaccordance with an embodiment. A user, e.g., at a telephone or othercommunication device 102, accesses system 100 via, for example, atelephone network 104, such as the Public Switched Telephone Network(PSTN). For example, a user may call a toll-free telephone number, suchas an 800 number, that is determined by the carrier as being associatedwith the network system 100. The system may provide various options tothe system for selection by the user. In an embodiment, the user may beconnected with a Voice Response Unit (VRU) 106 and/or a server 108 thatprovides VoiceXML (VXML) browsers that facilitate interactive voicedialogues. The VRU 106 and server 108 hosting VXML browsers may becommunicatively coupled, e.g., via a Voice over Internet Protocol (VoIP)interface. Server 108 may be communicatively coupled with cache servers110, e.g., for communication exchanges made, by way of example, viaHypertext Transfer Protocol (HTTP) exchanges. The VRU 106 and VXMLbrowser server 108 may be included in an IVR call center front end thatfacilitates processing of a call. The VRU 106 and VXML browser server108 may provide voice response menus to the user to submit, for example,a user identification, a desired application or entity with which theuser wishes to interact, and the like. The server 108 may further becommunicatively coupled with Message Transport Layer (MTL) servers 112.The MTL servers 112 may be communicatively coupled with an applicationconfiguration database 114 as well as application servers 116 which maybe communicatively coupled with the cache servers 110 and theapplication configuration database 114. Application servers 116 may hostservice applications, such as banking services, shopping services,insurance services, or any other entity service. The VXML browsers 108and MTL servers 112 may each be communicatively coupled with a voicebiometric (VB) processing server 120 which is communicatively coupledwith a primary VB data repository 122 and a secondary VB data repository124. Further, the VB processing server 120 may be communicativelyinterfaced with various platform administrator systems 128. Each of theprimary and secondary VB data repositories 122 and 124 may be interfacedwith a VB log database 126 that stores voice biometric data processinglogs or records of VB user authentications. The VB processing servers120, primary VB data repository 122, secondary VB repository 124, and VBlogs 126 collectively comprise a voice biometrics authentication system125 that facilitates user authentication via voice biometrics evaluatedby way of algorithmic processing of a voice signature of a user and avoice sample provided by the user when attempting authentication. The VBbiometrics authentication system 125 may be hosted by a third party tofacilitate VB authentication for any number of entities being servicedby the call center of the system 100.

The VB log database 126 may be communicatively coupled with one or morereporting servers 130. The reporting servers 130 may be communicativelycoupled with a log server 132 and a data warehouse 134 that are eachcoupled with one another. The log server 132 may be communicativelyinterfaced with the application servers 116 as well as the MTL servers112. Web servers 140 may interface with product administrator systems142, e.g., via the Internet 150 or another suitable networkinfrastructure.

FIG. 2 is a block diagram of a data processing system 200 that may beimplemented as a server, such as VB processing server 120 in FIG. 1, inaccordance with an embodiment of the present invention. Data processingsystem 200 may be a symmetric multiprocessor (SMP) system including aplurality of processors 202 and 204 connected to system bus 210.Alternatively, a single processor system may be employed. Also connectedto system bus 210 is memory controller/cache 220, which provides aninterface to local memory 222. An I/O bus bridge 230 is connected tosystem bus 210 and provides an interface to I/O bus 232. Memorycontroller/cache 220 and I/O bus bridge 230 may be integrated asdepicted.

A peripheral component interconnect (PCI) bus bridge 240 may beconnected to I/O bus 232 and provides an interface to PCI local bus 244.Additional PCI bus bridges 241-242 provide interfaces for additional PCIlocal buses 245-246, from which additional network adapters or otherperipherals may be supported. In this manner, data processing system 200allows connections to multiple network computers. A memory-mappedgraphics adapter 250 and hard disk 252 may also be connected to I/O bus232 as depicted, either directly or indirectly. VB data repository 122depicted in FIG. 1 may be network-connected with system 200 and therebyaccessible through network adapter 248. Alternatively, VB datarepository 122 may be interconnected with system 200, e.g., via I/O bus232.

Those of ordinary skill in the art will appreciate that the hardwaredepicted in FIG. 2 may vary. For example, other peripheral devices, suchas optical disk drives and the like, also may be used in addition to orin place of the hardware depicted, and any variety of serverarchitectures may be substituted for the depicted implementation. Thedepicted example is not meant to imply architectural limitations withrespect to the present invention.

FIG. 3 is a diagrammatic representation of a data processing system 300that may be implemented as a client system, such as, for example, aplatform administrator 128 client system or a product administrators 142client system depicted in FIG. 1, in accordance with an embodiment. Inthe illustrative example, data processing system 300 employs aperipheral component interconnect (PCI) local bus architecture. Althoughthe depicted example employs a PCI bus, other bus architectures such asAccelerated Graphics Port (AGP) and Industry Standard Architecture (ISA)may be used. A processor 302 and a main memory 304 are connected to aPCI local bus 306 through a PCI bridge 308. PCI bridge 308 also mayinclude an integrated memory controller and cache memory for processor302. Additional connections to PCI local bus 306 may be made throughdirect component interconnection or through add-in boards. In thedepicted example, a local area network (LAN) adapter 340, a SCSI hostbus adapter 320, and an expansion bus interface 330 are connected to PCIlocal bus 306 by direct component connection. In contrast, an audioadapter 310, a graphics adapter 312, and an audio/video adapter 314 areconnected to PCI local bus 306 by add-in boards inserted into expansionslots. Expansion bus interface 330 provides a connection for a keyboardand mouse adapter 332, a modem 334, and additional memory 336. A smallcomputer system interface (SCSI) host bus adapter 320 provides aconnection for a hard disk drive 322 and a CD-ROM drive 324. Typical PCIlocal bus implementations will support three or four PCI expansion slotsor add-in connectors.

An operating system runs on processor 302 and is used to coordinate andprovide control of various components within data processing system 300in FIG. 3. The operating system may be a commercially availableoperating system, such as Windows XP, which is available from MicrosoftCorporation. Instructions for the operating system and applications orprograms are located on storage devices, such as hard disk drive 322,and may be loaded into main memory 304 for execution by processor 302.

Those of ordinary skill in the art will appreciate that the hardware inFIG. 3 may vary depending on the implementation, and any variety ofpersonal computer architecture or other data processing system devicesmay be suitably substituted for those depicted and described. Otherinternal hardware or peripheral devices, such as flash read-only memory(ROM), equivalent nonvolatile memory, or optical disk drives and thelike, may be used in addition to or in place of the hardware depicted inFIG. 3. Also, the processes of the present invention may be applied to amultiprocessor data processing system.

In accordance with an embodiment, a speaker is authenticated based onvoice biometrics, i.e., physical characteristics of the speaker's voice.Speakers supplying voice samples for evaluation may comprise, forexample, employees, consumers, customers or live operator agents.

For a new speaker program, a user is preferably allowed to setconfiguration(s) used to define related data elements with interfacingsystems and function settings within the web product. The client maypreferably prompt the speaker candidate to call an IVR in order toenroll a client voiceprint that provides a voice signature of thespeaker used for future user verifications. Once a user has enrolledsuccessfully, the user will be prompted to provide a voice sample onsubsequent system access. The system then compares the user samplesupplied for verification with the stored voiceprint to determine if thespeaker is the original individual or, alternatively, an imposter.Imposters, i.e., a user that has supplied a voice sample identified asfraudulent, may then be advantageously restricted from gaining systemaccess.

During verification, a speaker may be incorrectly identified as animposter. This may be attributed to poor voice quality in theconnection, the speaker failing to accurately speak their voice sample,additional background voices or noises, illness, or drastic changes inthe speakers voice. In this instance, the speaker may be prompted toattempt verification again. In the event voice biometric authenticationcontinues to fail, alternate verification methods may be selected otherthan voice verification. Due to natural changes in voice as people age,it may be desirable to re-enroll users in order to maintain theusefulness of their voiceprint. A user operating at a system client mayelect to use a program setting that will work with the IVR to promptspeakers for re-enrollment after a pre-defined period. In some instance,there will be speakers whose roles may change that result in theirvoiceprint no longer being of use. A system client may elect to use aprogram setting that will automatically expire a speaker and expirevoiceprints after a pre-defined period. The client may also beinterested in finding out which speakers have been targeted byimposters. To this end, the client may elect to use a program settingthat will notify them after a maximum consecutive failed verificationattempts for the speaker. Special attention is paid to ensure playbackdetection. For every verification, the system stores an entity referredto as a “footprint” which is a miniature representation of the voicefile. It then compares the footprint to the next “footprint” obtainedwhen the same caller is being verified again—and if they are similarenough—the verification is rejected.

FIG. 4 is a diagrammatic representation of an exemplary hardware andsoftware configuration of the voice biometrics authentication system 125depicted in FIG. 1 implemented in accordance with an embodiment.

The authentication system 125 includes a voice biometrics processingserver 120 that is communicatively interfaced with a voice platform 410,e.g., VRU server 106 and/or VXML server 108. The voice biometricsprocessing server 120 may host an instance of Internet InformationServices (IIS). Administration applications 420 may communicativelyinterface with the processing server 120 and facilitate administratorconfiguration of various system applications. The administratorapplications 420 may be implemented as computer executable instructionsstored on a tangible storage medium that are accessible and executableby a data processing system, such as the processing server 120 and/oradministrator systems 128. A file system 430 may be hosted or interfacedby processing server 120. The file system 430 may manage the storage andretrieval of hashed audio files that facilitate voice biometricauthentication of users. An active directory 440 may be interfaced withthe processing sever 120 and may facilitate audit, authentication, andauthorization of users attempting to access a system or application viavoice interactive processing systems. An authorization manager 450 maybe communicatively interfaced with the active directory 440. Forexample, communications may be made between the active directory 440 andthe authorization manager 450 by way of Lightweight Directory AccessProtocol (LDAP) communications. A vocal database 460 may further becommunicatively interfaced with the processing server 120. The vocaldatabase 460 or the active directory 440 may store voiceprints submittedby users that are to facilitate provisioning of voice biometricauthentication.

In an embodiment, the call center front end, e.g., VRU 106 and/or VXMLserver 108 may provide an initial identification of a user, e.g.,calling from device 102. The initial identification may be made, forexample, by way of an account number, phone number, birthday, tokencertificates, or other information provided by the user at device 102.The call center front end may then identify a particular service desiredto be accessed by the user. Thereafter, the call center may direct thecall to the appropriate service application hosted by applicationservers 116. In the event that voice biometric authentication mechanismsare required for the desired service, the call may be directed to theauthentication system 125. The VB processing server 120 may then obtainthe voiceprint associated with the particular user and prompt the userfor a voice sample. The voiceprint may be obtained, for example, fromthe vocal database 460, or the Active directory 440, and may compriseone or more speaker audio segments (voice files). The VB processingserver 120 then attempts VB authentication of the speaker by way ofalgorithmic processing that invokes a verification formula for speakerverification. The verification formula may generate a binary positive ornegative user verification result or, alternatively, may produce averification numerical score that indicates a measure of the certaintyof the speaker verification. The verification numerical score may thenbe compared with a threshold associated with the service application towhich the user desires access or may alternatively be associated withthe particular user. The verification result is then determined based onwhether the score is above or below the threshold.

FIG. 5 is a flowchart 500 that depicts processing of a biometricenrollment routine that facilitates voiceprint user authentication inaccordance with disclosed embodiments. The processing steps of FIG. 5may be implemented as computer-executable instructions tangibly embodiedon a computer-readable medium executable by a processing system, such asthe voice biometrics processing server 120 depicted in FIGS. 1 and 4.

The biometric enrollment routine is invoked (step 502), and the user isprompted for one or more voiceprint samples that provide a voicesignature to be utilized for user verification (step 504). A client isthen assigned as an attribute of the voiceprint sample (step 506). Forexample, the client assigned as an attribute of the voiceprint samplemay comprise a client identifier or name of a client entity orapplication, such as a banking application, an insurance providerapplication, or any other suitable application hosted by applicationservers 116. An IVR application may be assigned as a voiceprintattribute (step 508). For example, an identifier of a particular IVRassociated with a client or client application may be assigned as anattribute of the voiceprint sample. A status of the voiceprint samplemay be associated with the voiceprint sample as an attribute thereof(step 510). For example, the status may be set to active or inactiveindicating whether the voiceprint is to be used for biometricauthentication of a user. In an embodiment, the status of a voiceprintsample may default to an active status. A re-enrollment age may beassigned as an attribute of the voiceprint sample (step 512). Forexample, the user may be prompted for a re-enrollment age or,alternatively, a default re-enrollment age may be assigned as anattribute of the voiceprint sample. Upon expiration of the re-enrollmentage, the user is then required to re-enroll in the biometricverification process. An expiration age may also be assigned as anattribute of the voiceprint sample (step 514). For example, theexpiration age may be supplied by the user during the enrollment processor, alternatively, a default expiration age may be assigned as anattribute of the voiceprint sample. Upon expiration of the expirationage, the voiceprint sample may be deleted or otherwise designated fornon-use, and the user may then be required to resubmit one or morevoiceprint samples to be used for biometric verification. A maximumnumber of concurrent failed verification attempts may be assigned as anattribute of the supplied voiceprint (step 516). For example, themaximum number of concurrent failed verification attempts may besupplied by the user during the enrollment process or, alternatively, adefault maximum number of concurrent failed verification attempts may beassigned as an attribute of the voiceprint sample. The voiceprint andassociated attributes are then stored (step 518), e.g., in the vocaldatabase 460, and the enrollment routine cycle may then end (step 520).

FIG. 6 is a flowchart 600 of a voice biometrics authentication routineimplemented in accordance with an embodiment. The processing steps ofFIG. 6 may be implemented as computer-executable instructions tangiblyembodied on a computer-readable medium executable by a processingsystem, such as the voice biometrics processing server 120 depicted inFIGS. 1 and 4.

The authentication routine is invoked (step 602) and a user ID alongwith a Client ID and/or IVR Application ID is received (step 604). Thevoiceprint associated with the user ID and corresponding to the ClientID and/or the IVR Application ID is then retrieved, e.g., from the vocaldatabase 460, along with the voiceprint attributes (step 606). Theactive status attribute is then evaluated to determine if the voiceprintis active for voice biometric evaluation (step 608). In the event thevoiceprint is inactive, the authentication routine may then invoke analternative verification process (step 610), and the authenticationroutine cycle may then end (step 634).

Returning again to step 608, in the event the voiceprint status isactive, the authentication routine may then evaluate the re-enrollmentage attribute of the voiceprint to determine if the voiceprintre-enrollment age indicates the voiceprint has expired (step 612). Ifthe voiceprint enrollment period has expired, the authentication routinemay then invoke the enrollment process, e.g., as described above withreference to FIG. 5, to re-enroll the user for voice biometricsverification (step 614). The authentication routine cycle may then endaccording to step 634.

Returning again to step 612, if the re-enrollment age of the voiceprinthas not expired, the authentication routine may then evaluate theexpiration period attribute of the voiceprint to determine if thevoiceprint has expired (step 616). If the voiceprint has expired, theauthentication routine may then obtain new voiceprint(s) from the userand store the new voiceprints for voice biometric evaluations of theuser (step 618). Accordingly, the authentication routine may delete thepreviously stored voiceprint(s) and store the newly suppliedvoiceprint(s) in place of the deleted voiceprints. The authenticationroutine cycle may then end according to step 634.

Returning again to step 616, if the voiceprint(s) have not expired, theauthentication routine may then prompt the user for a voice sample andreceive the supplied voice sample (step 620). The authentication routinemay then compare voice biometric characteristics of the voiceprint andvoice biometric characteristics of the supplied sample (step 622). Tothis end, the VB processing server 120 may invoke a verification formulathat may generate a binary positive or negative user verification resultor, alternatively, may produce a verification numerical score that iscompared with a verification threshold. An evaluation may then be madeto determine if the biometric characteristics of the voiceprint andthose of the supplied sample sufficiently qualify the user havingsupplied the sample as a match of the user associated with thevoiceprint (step 624). If the evaluation determines the biometriccharacteristics of the voiceprint and sample sufficiently qualify as amatch, the authentication routine may then successfully verify the useridentity and may set the concurrent verification failed attemptsattribute of the voiceprint to zero (step 626). The authenticationroutine cycle may then end according to step 634.

Returning again to step 624, if the biometric characteristics of thevoiceprint and those of the supplied sample do not sufficiently qualifythe user having supplied the sample as a match of the user associatedwith the voiceprint, the authentication routine may then increment theconcurrent verification failed attempts attribute (step 628) andthereafter evaluate the concurrent verification failed attemptsattribute to determine if the maximum concurrent verification failedattempts attribute has been reached (step 630). If the maximumconcurrent verification failed attempts attribute of the voiceprint hasnot been reached, the authentication routine may then prompt the userfor a voice sample and receive the supplied voice sample according tostep 620. In the event the maximum concurrent verification failedattempts attribute of the voiceprint has been reached, theauthentication routine may then provide a voice biometric verificationfailure indicating that the user is likely a fraudulent user (step 632).The authentication routine cycle may then end according to step 634.

As described, a system, method, and computer readable medium thatfacilitate user authentication via voice biometrics in a network systemfeaturing interactive voice response system access are provided. Thevoice biometric authentication mechanisms alleviate identity theftoccurring via specific interactive voice response transactions. A voicebiometrics authentication system interfaces with an interactive networkplatform and may be hosted by a third party provider of voice biometrictechnologies.

The flowcharts of FIGS. 5-6 depict process serialization to facilitatean understanding of disclosed embodiments and are not necessarilyindicative of the serialization of the operations being performed. Invarious embodiments, the processing steps described in FIGS. 5-6 may beperformed in varying order, and one or more depicted steps may beperformed in parallel with other steps. Additionally, execution of someprocessing steps of FIGS. 5-6 may be excluded without departing fromembodiments disclosed herein.

The illustrative block diagrams and flowcharts depict process steps orblocks that may represent modules, segments, or portions of code thatinclude one or more executable instructions for implementing specificlogical functions or steps in the process. Although the particularexamples illustrate specific process steps or procedures, manyalternative implementations are possible and may be made by simpledesign choice. Some process steps may be executed in different orderfrom the specific description herein based on, for example,considerations of function, purpose, conformance to standard, legacystructure, user interface design, and the like.

Aspects of the present invention may be implemented in software,hardware, firmware, or a combination thereof. The various elements ofthe system, either individually or in combination, may be implemented asa computer program product tangibly embodied in a machine-readablestorage device for execution by a processing unit. Various steps ofembodiments of the invention may be performed by a computer processorexecuting a program tangibly embodied on a computer-readable medium toperform functions by operating on input and generating output. Thecomputer-readable medium may be, for example, a memory, a transportablemedium such as a compact disk, a floppy disk, or a diskette, such that acomputer program embodying the aspects of the present invention can beloaded onto a computer. The computer program is not limited to anyparticular embodiment, and may, for example, be implemented in anoperating system, application program, foreground or background process,driver, network stack, or any combination thereof, executing on a singleprocessor or multiple processors. Additionally, various steps ofembodiments of the invention may provide one or more data structuresgenerated, produced, received, or otherwise implemented on acomputer-readable medium, such as a memory.

Although embodiments of the present invention have been illustrated inthe accompanied drawings and described in the foregoing description, itwill be understood that the invention is not limited to the embodimentsdisclosed, but is capable of numerous rearrangements, modifications, andsubstitutions without departing from the spirit of the invention as setforth and defined by the following claims. For example, the capabilitiesof the invention can be performed fully and/or partially by one or moreof the blocks, modules, processors or memories. Also, these capabilitiesmay be performed in the current manner or in a distributed manner andon, or via, any device able to provide and/or receive information.Further, although depicted in a particular manner, various modules orblocks may be repositioned without departing from the scope of thecurrent invention. Still further, although depicted in a particularmanner, a greater or lesser number of modules and connections can beutilized with the present invention in order to accomplish the presentinvention, to provide additional known features to the presentinvention, and/or to make the present invention more efficient. Also,the information sent between various modules can be sent between themodules via at least one of a data network, the Internet, an InternetProtocol network, a wireless source, and a wired source and viaplurality of protocols.

What is claimed is:
 1. A method for authenticating a user in a networksystem via voice biometrics, comprising: storing a voiceprint of a firstuser; assigning one or more of a plurality of interactive voice responseapplications as an attribute of the voiceprint; assigning an expirationage as an attribute of the voiceprint; receiving an attempt for accessto an application service by a user; determining if the applicationservice is provided by an assigned one of the plurality of interactivevoice response applications; when the application service is determinedto be an assigned one of the plurality of interactive voice responseapplications: identifying the voiceprint as associated with an identityof the first user and the attempt for access to the application service;obtaining a voice sample from the user; performing an evaluation ofvocal characteristics of the voiceprint with vocal characteristics ofthe voice sample; and determining that the user is one of the first useror a fraudulent user based on results of the evaluation of vocalcharacteristics of the voiceprint with vocal characteristics of thevoice sample.
 2. The method of claim 1, further comprising: responsiveto receiving the attempt for access, evaluating the expiration age; anddetermining whether the voiceprint has expired.
 3. The method of claim2, further comprising responsive to determining the voiceprint hasexpired, obtaining a new voiceprint from the first user.
 4. The methodof claim 1, further comprising assigning a maximum number of sequentialfailed verification attempts threshold with the voiceprint.
 5. Themethod of claim 4, further comprising: responsive to performing theevaluation of vocal characteristics of the voiceprint with vocalcharacteristics of the voice sample, incrementing a maximum number ofsequential failed verification attempts in the event the user isdetermined to be a fraudulent user; and determining if the maximumnumber of sequential failed verification attempts equals the maximumnumber of sequential failed verification attempts threshold.
 6. Themethod of claim 5, further comprising generating a verification failureof the user responsive to determining the maximum number of sequentialfailed verification attempts equals the maximum number of sequentialfailed verification attempts threshold.
 7. A non-transitorycomputer-readable medium having computer-executable instructions forexecution by a processing system, the computer-executable instructionsfor authenticating a user in a network system via voice biometrics, theinstructions, when executed by the processing system, cause theprocessing system to: store a voiceprint of a first user; assign one ormore of a plurality of interactive voice response applications as anattribute of the voiceprint; assign an expiration age as an attribute ofthe voiceprint; receive an attempt for access to an application serviceby a user; determine if the application service is provided by anassigned one of the plurality of interactive voice responseapplications; when the application service is determined to be anassigned one of the plurality of interactive voice responseapplications: identify the voiceprint as associated with an identity ofthe first user and the attempt for access to the application service;obtain a voice sample from the user; perform an evaluation of vocalcharacteristics of the voiceprint with vocal characteristics of thevoice sample; and determine that the user is one of the first user or afraudulent user based on results of the evaluation of vocalcharacteristics of the voiceprint with vocal characteristics of thevoice sample.
 8. The non-transitory computer-readable medium of claim 7,further comprising instructions that, when executed, cause theprocessing system to: evaluate the expiration age responsive toreceiving the attempt for access; and determine whether the voiceprinthas expired.
 9. The non-transitory computer-readable medium of claim 8,further comprising instructions that, when executed, cause theprocessing system to obtain a new voiceprint from the first userresponsive to determining the voiceprint has expired.
 10. Thenon-transitory computer-readable medium of claim 7, further comprisinginstructions that, when executed, cause the processing system to assigna maximum number of sequential failed verification attempts thresholdwith the voiceprint.
 11. The non-transitory computer-readable medium ofclaim 10, further comprising instructions that, when executed, cause theprocessing system to: increment a maximum number of sequential failedverification attempts in the event the user is determined to be afraudulent user responsive to performing the evaluation of vocalcharacteristics of the voiceprint with vocal characteristics of thevoice sample; and determine if the maximum number of sequential failedverification attempts equals the maximum number of sequential failedverification attempts threshold.
 12. The non-transitorycomputer-readable medium of claim 11, further comprising instructionsthat, when executed, cause the processing system to generate averification failure of the user responsive to determining the maximumnumber of sequential failed verification attempts equals the maximumnumber of sequential failed verification attempts threshold.
 13. Asystem for authenticating a user in a network system via voicebiometrics, comprising: an application server that hosts a plurality ofservice applications; an interactive voice response systemcommunicatively coupled with the application server that provides voiceresponse access to one of more of the plurality of service applications;and a voice biometrics authentication system communicatively coupledwith the interactive voice response system that stores a voiceprint of afirst user and assigns one or more of the plurality of serviceapplications and an expiration age as attributes of the voiceprint,wherein the interactive voice response system receives an attempt foraccess to a service application by a communication device of a user,determines if the application service is provided by an assigned one ofthe plurality of service applications and when the application serviceis determined to be an assigned one of the plurality of serviceapplications communicatively couples the communication device with thevoice biometrics authentication system, wherein the voice biometricsauthentication system identifies the voiceprint as associated with anidentity of the first user and the attempt for access to the applicationservice, obtains a voice sample from the user, performs an evaluation ofvocal characteristics of the voiceprint with vocal characteristics ofthe voice sample, and determines that the user is one of the first useror a fraudulent user based on results of the evaluation of vocalcharacteristics of the voiceprint with vocal characteristics of thevoice sample.
 14. The system of claim 13, wherein the voice biometricsauthentication system assigns an interactive voice response applicationas an attribute of the voiceprint.
 15. The system of claim 13, whereinthe voice biometrics authentication system evaluates the expiration ageresponsive to receiving the attempt for access, and determines whetherthe voiceprint has expired.
 16. The system of claim 15, wherein thevoice biometrics authentication system obtains a new voiceprint from thefirst user responsive to determining the voiceprint has expired.
 17. Thesystem of claim 13, wherein the voice biometrics authentication systemassigns a maximum number of sequential failed verification attemptsthreshold with the voiceprint, increments a maximum number of sequentialfailed verification attempts in the event the user is determined to be afraudulent user, determines if the maximum number of sequential failedverification attempts equals the maximum number of sequential failedverification attempts threshold, and generates a verification failure ofthe user responsive to determining the maximum number of sequentialfailed verification attempts equals the maximum number of sequentialfailed verification attempts threshold.